Ok, Framed-IP-Address and Framed-IP-Netmask are being confused.
Framed-IP-Netmask should ALWAYS be 255.255.255.255 for any single-IP dialin
user. 255.255.255.254 would route TWO IPs to the customer - if the PM
has 'set user-netmask on'. If not, it is moot - since the PM will ignore
the RADIUS Netmask and use 255.255.255.255 by default. However, this can
easily bite you later if you turn this on to get VLSM/CIDR support on
dialin. So, unless you KNOW you NEED to route multiple IPs to a dialin
user, mare SURE the Framed-IP-Netmask is 255.255.255.255. If you need to
route multiple IPs, set the netmask accordingly (and 'set user-netmask on').
Now, Framed-IP-Address has two special values. 255.255.255.254 is what most,
nearly all, people will be using. That means 'assign this user an IP out of
your local pool'. 255.255.255.255 is the other special value. That means
'let the user pick ANY IP'. This is dangerous, for reasons that should be
obvious, and should NEVER be used. (Those who know they need it also know
well enough to ignore absolute statements - if you have any doubts, don't
use it.)
-MZ
-- <URL:mailto:megazone@megazone.org> Gweep, author, webmaster, human being, me "A little nonsense now and then, is relished by the wisest men" 781-788-0130 <URL:mailto:megazone@gweep.net> <URL:http://www.megazone.org/> Hail Discordia! - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>